![User banner](https://infosec.pub/pictrs/image/c01c16c1-7a61-406d-aab9-f3d75d617d3f.jpeg)
CPU vulnerabilities are a widespread problem, yet they are not well understood and are generally hard to mitigate. Some of these vulnerabilities affect nearly all modern processors, regardless of running software. This blog explores their impact on real-life systems.
![Blog: No More Speculation: Exploiting CPU Side-Channels for Real](https://infosec.pub/pictrs/image/d580eeda-1d0c-4198-884e-6852a030b647.png?format=webp&thumbnail=256)
Our goal at DFF is to reveal any threats on mobile devices, and that requires us to keep up to date with every single version of Android and iOS, including the beta and "Developer Preview" phases. Often, these are the under-the-hood, undocumented changes which have the real impact on opera
![iOS 17: New Version, New Acronyms — Dataflow Forensics](https://infosec.pub/pictrs/image/ded0d429-658f-419e-93de-c3ff2c536ad8.jpeg?format=webp&thumbnail=256)
Glad to be of use!
Contribute to mistymntncop/CVE-2023-2033 development by creating an account on GitHub.
![GitHub - mistymntncop/CVE-2023-2033](https://infosec.pub/pictrs/image/c815813f-8549-4711-b0ba-683230a590de.png?format=webp&thumbnail=256)
In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822 – a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has graciously provided this detailed write-up of
![Zero Day Initiative — Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers](https://infosec.pub/pictrs/image/a2ed8495-b43c-4d12-8c1a-21a625d373cb.jpeg?format=webp&thumbnail=256)
Earlier this year I was invited to give a talk at University of California San Diego (UCSD) for Nadia Heninger's CSE 127 ("Intro to Computer Security"). I chose to talk about modern exploit development, stepping through the process of finding and exploiting some of the memory corruption bugs that th...
![An Introduction to Exploit Reliability](https://infosec.pub/pictrs/image/cf4525d4-0541-482f-9970-a0aa1b605d0a.jpeg?format=webp&thumbnail=256)
Unpack the remote code execution vulnerability impacting the Microsoft Message Queueing service — CVE-2023-21554, a.k.a. QueueJumper.
![MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis](https://infosec.pub/pictrs/image/5224b45e-2100-415e-aaf5-ff48f9c1d2a1.jpeg?format=webp&thumbnail=256)
By Mark Brand, Project Zero In mid-2022, Project Zero was provided with access to pre-production hardware implementing the ARM MTE specifi...
Exploiting a vulnerability in the io_uring subsystem of the Linux kernel.
IntroductionI’ve been doing some Linux kernel exploit development/study and vulnerability research off and on since last Fall and a few months ago I had some downtime on vacation to sit and challenge myself to write my first data-only exploit for a real bug that was exploited in kCTF. io_ring has be...
![Escaping the Google kCTF Container with a Data-Only Exploit](https://infosec.pub/pictrs/image/bc05e774-26fd-4259-8935-1acc4dd4c470.jpeg?format=webp&thumbnail=256)
Introduction Every so often a piece of security research will generate a level of excitement and buzz that's palpable. Dan Kaminsky's DNS bug, Barnaby Jack's ATM Jackpotting, Chris Valasek and Charlie Miller's Jeep hacking escapades. There's something special about the overheard conversations, the ...
![The Legacy of Stagefright](https://infosec.pub/pictrs/image/505b6f47-54ee-4edd-93d1-4f5894b33d80.png?format=webp&thumbnail=256)
TLDR prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targeting the kmalloc-8 to kmalloc-96 caches. The sprayed object, anon_vma_name, is dynamically sized, and can range from larger than 4 bytes to a maximum of 84 bytes. The object can be easily allocated a...
![prctl anon_vma_name: An Amusing Linux Kernel Heap Spray](https://infosec.pub/pictrs/image/e86854aa-dada-43dc-8041-4fcb260fc597.png?format=webp&thumbnail=256)
POC of CVE-2023-35086 only DoS. Contribute to tin-z/CVE-2023-35086-POC development by creating an account on GitHub.
![GitHub - tin-z/CVE-2023-35086-POC: POC of CVE-2023-35086 only DoS](https://infosec.pub/pictrs/image/835762d1-c49f-4bbc-8033-8b84ab8aad7f.png?format=webp&thumbnail=256)
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE-2022-3910. After successfully writing an exploit which made use of DirtyCred to gain local privilege escalation, my mentor Billy asked me if it was possible to tweak my code to facilitate a container...
![A new method for container escape using file-based DirtyCred](https://infosec.pub/pictrs/image/28788f18-5d2c-489d-a4b1-58d8ad4b2ee5.png?format=webp&thumbnail=256)
The content is really bounded by tech stuff, but I guess that's due to migration being important for tech-savvy users. It is true that appending "reddit" to search queries and following the results is still inevitable (but hey, libreddit and teddit still work). But vibe is completely different, very organic, very active, I like it a lot. I think there is a lot of potential in this feeling of authentic communication. Let's hope it grows.
Lemmy is much better replacement for Reddit than Mastodon is for Twitter.
![udunadan](https://infosec.pub/pictrs/image/a1895377-b8eb-4cfa-adc5-6e8f7489a7e0.jpeg?format=webp&thumbnail=64)
An open-eyed man falling into the well of weird warring state machines. I mostly speak on (offensive) cybersecurity issues.
https://twitter.com/udunadan
https://infosec.exchange/@udunadan